Transatlantic data sharing talks stumble over access to justice

Sharing is caring, says EU

High-level transatlantic talks on data sharing have hit a snag over EU citizens' right to defend their privacy in US court, the European Commission said in Brussels yesterday.

The US Privacy Act only offers redress to US citizens and residents, while the EU guarantees citizens the right to protect their data worldwide. Washington officials have given assurances that other Acts will offer aggrieved Europeans their day in court, but Brussels "remains to be convinced".

Jonathan Faull, director of the European Commission's justice and interior affairs department, said: "It seems to us to be very important that Europeans should have in the US courts the same rights of action as Americans have in our courts when they believe that their data protection rights have been infringed. That is not to our satisfaction the case in the US."

European officials remain confident they will strike a deal, and sought to calm fears that the ongoing negotiations could offer law enforcement carte blanche to spray sensitive personal information across the Atlantic. They called the special press conference on Wednesday after it was revealed at the weekend that broad talks on principles around sharing data have been ongoing for 18 months.

Privacy advocates have been worried by the declassified document detailing progress in the negotiations. It indicates that the EU has agreed to share the most sensitive personal information about its citizens in exceptional circumstances. This could include medical details, trade union affiliation, religious beliefs and other categories of personal information that are specially protected under EU law.

Faull said the exceptions would be rare, and gave the example of an airline passenger name record (PNR). It could include the fact that a European terror suspect was diabetic so he would get a special in-flight meal. If US law enforcement accessed the record, the medical information would have to be shared.

He argued that the negotiations "are not about sharing data, they are about the protection of data". He repeated the message several times during his presentation.

Data sharing deals between the EU and Washington have so far been made on a case-by-case basis. Officials want to simplify the complex negotiations that led to agreements for transferring SWIFT banking data and PNRs.

Faull said: "What it will do is clear the path to a very large extent I hope that we had to follow in the individual negotiations in the PNR and SWIFT cases. What it will not do is settle the difficult points of detail." He said for example that once it has been shared data should only be retained for the shortest time possible, but that the specific length of time would depend on the particular type of data.

The Commission agreed to work with American officials in November 2006. So far the two parties have identified 12 areas where EU and US privacy laws agree in principle. As well as the lack of court redress rights for foreigners under the US Privacy Act, there are further hurdles to a binding international agreement.

The pair have not tackled what impact an agreement would have on private companies' obligations during data tranfers, or how to ensure the application of and penalties for breaking data protection laws are "equivalent and reciprocal". They also haven't decided how to link individual data sharing arrangements to the generally-agreed principles.

Finally, the EU is concerned about how data it shares with the US might be passed on to third countries that don't have acceptable data protection rules.

Nevertheless, Faull said he hopes a formal bilateral agreement will be approved by the European Council next year. "There is nothing secret about this, there is nothing mysterious about this," he insisted. ®